Trojan.DNSChanger and SearchScopes

Page 3 of 3 Previous  1, 2, 3

View previous topic View next topic Go down

Trojan.DNSChanger and SearchScopes

Post by DarrenC on Fri 27 Mar 2015, 5:13 am

First topic message reminder :

# AdwCleaner v4.113 - Logfile created 26/03/2015 at 09:38:35
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Michelle - MICHELLE-LAPTOP
# Running from : C:\Users\Michelle\Downloads\adwcleaner_4.113.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}

***** [ Web browsers ] *****

#NAME?


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


#NAME?


*************************

AdwCleaner[R0].txt - [2864 bytes] - [06/11/2014 13:57:52]
AdwCleaner[R10].txt - [3914 bytes] - [25/03/2015 07:03:04]
AdwCleaner[R11].txt - [2025 bytes] - [25/03/2015 07:14:17]
AdwCleaner[R12].txt - [2144 bytes] - [25/03/2015 07:22:14]
AdwCleaner[R13].txt - [2263 bytes] - [25/03/2015 07:31:11]
AdwCleaner[R14].txt - [2384 bytes] - [25/03/2015 07:38:42]
AdwCleaner[R15].txt - [2504 bytes] - [25/03/2015 07:45:48]
AdwCleaner[R16].txt - [2624 bytes] - [25/03/2015 07:52:26]
AdwCleaner[R17].txt - [2744 bytes] - [25/03/2015 08:00:31]
AdwCleaner[R18].txt - [8420 bytes] - [25/03/2015 12:50:11]
AdwCleaner[R19].txt - [2984 bytes] - [25/03/2015 13:00:33]
AdwCleaner[R1].txt - [1061 bytes] - [06/11/2014 14:44:30]
AdwCleaner[R20].txt - [4127 bytes] - [25/03/2015 13:31:00]
AdwCleaner[R21].txt - [3164 bytes] - [25/03/2015 13:51:55]
AdwCleaner[R22].txt - [4295 bytes] - [25/03/2015 18:40:21]
AdwCleaner[R23].txt - [4355 bytes] - [25/03/2015 18:43:21]
AdwCleaner[R24].txt - [3464 bytes] - [25/03/2015 19:02:10]
AdwCleaner[R25].txt - [3584 bytes] - [25/03/2015 20:07:33]
AdwCleaner[R26].txt - [3704 bytes] - [26/03/2015 08:50:29]
AdwCleaner[R27].txt - [3764 bytes] - [26/03/2015 08:53:47]
AdwCleaner[R28].txt - [3824 bytes] - [26/03/2015 09:08:37]
AdwCleaner[R2].txt - [2041 bytes] - [12/11/2014 14:52:06]
AdwCleaner[R3].txt - [1085 bytes] - [12/11/2014 15:09:50]
AdwCleaner[R4].txt - [8259 bytes] - [24/03/2015 11:15:43]
AdwCleaner[R5].txt - [1372 bytes] - [24/03/2015 11:30:07]
AdwCleaner[R6].txt - [1431 bytes] - [24/03/2015 11:39:29]
AdwCleaner[R7].txt - [11126 bytes] - [24/03/2015 14:03:22]
AdwCleaner[R8].txt - [2761 bytes] - [24/03/2015 15:35:24]
AdwCleaner[R9].txt - [3221 bytes] - [25/03/2015 06:56:29]
AdwCleaner[S0].txt - [2760 bytes] - [06/11/2014 14:00:09]
AdwCleaner[S10].txt - [2333 bytes] - [25/03/2015 07:31:27]
AdwCleaner[S11].txt - [2453 bytes] - [25/03/2015 07:38:55]
AdwCleaner[S12].txt - [2573 bytes] - [25/03/2015 07:46:07]
AdwCleaner[S13].txt - [2693 bytes] - [25/03/2015 07:53:13]
AdwCleaner[S14].txt - [2813 bytes] - [25/03/2015 08:01:31]
AdwCleaner[S15].txt - [8525 bytes] - [25/03/2015 12:52:20]
AdwCleaner[S16].txt - [4202 bytes] - [25/03/2015 13:40:26]
AdwCleaner[S17].txt - [3233 bytes] - [25/03/2015 14:02:31]
AdwCleaner[S18].txt - [4428 bytes] - [25/03/2015 18:43:30]
AdwCleaner[S19].txt - [3533 bytes] - [25/03/2015 19:03:58]
AdwCleaner[S1].txt - [2128 bytes] - [12/11/2014 14:55:27]
AdwCleaner[S20].txt - [3653 bytes] - [26/03/2015 06:22:14]
AdwCleaner[S21].txt - [3275 bytes] - [26/03/2015 09:38:35]
AdwCleaner[S2].txt - [8190 bytes] - [24/03/2015 11:21:29]
AdwCleaner[S3].txt - [1499 bytes] - [24/03/2015 12:01:00]
AdwCleaner[S4].txt - [10551 bytes] - [24/03/2015 14:38:47]
AdwCleaner[S5].txt - [2835 bytes] - [24/03/2015 15:42:14]
AdwCleaner[S6].txt - [3309 bytes] - [25/03/2015 06:57:01]
AdwCleaner[S7].txt - [3999 bytes] - [25/03/2015 07:07:31]
AdwCleaner[S8].txt - [2093 bytes] - [25/03/2015 07:14:43]
AdwCleaner[S9].txt - [2212 bytes] - [25/03/2015 07:23:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S21].txt - [3808  bytes] ##########




Malwarebytes Anti-Malware

Scan Date: 3/26/2015
Scan Time: 9:46:23 AM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.26.05
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Michelle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367136
Time Elapsed: 36 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5EA0F310-66E7-47DE-8308-90A94C0279A0}|NameServer, 31.168.228.251,82.166.96.251, Good: (), Bad: (31.168.228.251,82.166.96.251),,[c954ef5b880263d3a8518d6c3acbf30d]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)







No matter how many times I run these scans, these 2 things keep coming back and I'm not sure how to get rid of them...

DarrenC

Newbie Surfer
Newbie Surfer

Posts : 34
Joined : 2015-03-27
Operating System : Windows 8.1

View user profile

Back to top Go down


Re: Trojan.DNSChanger and SearchScopes

Post by Superdave on Wed 22 Apr 2015, 4:12 am

There is something amiss with Chrome. Did you try uninstalling and reinstalling it?

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by DarrenC on Wed 22 Apr 2015, 4:38 am

Yup. Tried that on page 2 =(

DarrenC

Newbie Surfer
Newbie Surfer

Posts : 34
Joined : 2015-03-27
Operating System : Windows 8.1

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by Superdave on Wed 22 Apr 2015, 5:52 am

Do you have any Add-ons in Chrome. It appears the something in Chrome is causing these pop-ups.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by DarrenC on Wed 22 Apr 2015, 6:43 am

There are no add-ons or anything in any browser. The adds in Chrome seem to be coming from "CloudScout" but there is nothing evident in my installed programs or anything. I changed my DNS back to be automatically obtained and there was one in there (I assume was changed by the DNSChanger that MBAM keeps finding) but I still have the ads and pop-ups

DarrenC

Newbie Surfer
Newbie Surfer

Posts : 34
Joined : 2015-03-27
Operating System : Windows 8.1

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by Superdave on Wed 22 Apr 2015, 9:47 am

This is a puzzler. Let's try running this. In the meantime, I will have a colleague take a look at this thread.

Please download RenewMyDNS by DragonMaster Jay.

•Save it to your Desktop.
•Right-click on the file and select Extract All...
•Choose a location to save extracted files and keep pressing Next until Finished.
•Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
•Follow the prompts, and when finished it will launch a log.
•Post that log in your next reply.
•After posting the log, delete the folder RenewMyDNS.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by DarrenC on Thu 23 Apr 2015, 2:11 am

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.3.9600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : Michelle-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter DP VPN Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DP VPN Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.212(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 9C-AD-97-AC-62-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter
Physical Address. . . . . . . . . : 9C-AD-97-AC-62-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b84e:d920:7343:e32c%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, April 20, 2015 10:22:36 AM
Lease Expires . . . . . . . . . . : Thursday, April 23, 2015 6:27:32 AM
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DHCPv6 IAID . . . . . . . . . . . : 110931351
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-5F-BE-D0-64-51-06-AE-1D-04
DNS Servers . . . . . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 64-51-06-AE-1D-04
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 206.190.36.45: bytes=32 time=68ms TTL=52
Reply from 206.190.36.45: bytes=32 time=69ms TTL=52

Ping statistics for 206.190.36.45:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 69ms, Average = 68ms

Pinging GeekPolice.net [184.168.221.8] with 32 bytes of data:
Request timed out.
Reply from 184.168.221.8: bytes=32 time=147ms TTL=56
Reply from 184.168.221.8: bytes=32 time=228ms TTL=55
Reply from 184.168.221.8: bytes=32 time=152ms TTL=56

Ping statistics for 184.168.221.8:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 147ms, Maximum = 228ms, Average = 175ms

Pinging facebook.com [173.252.120.6] with 32 bytes of data:
Request timed out.
Reply from 173.252.120.6: bytes=32 time=109ms TTL=83
Reply from 173.252.120.6: bytes=32 time=109ms TTL=83
Reply from 173.252.120.6: bytes=32 time=113ms TTL=83

Ping statistics for 173.252.120.6:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 109ms, Maximum = 113ms, Average = 110ms

Pinging microsoft.com [134.170.185.46] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 134.170.185.46:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

DarrenC

Newbie Surfer
Newbie Surfer

Posts : 34
Joined : 2015-03-27
Operating System : Windows 8.1

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by Superdave on Thu 23 Apr 2015, 3:09 am

Any change?

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by DarrenC on Thu 23 Apr 2015, 3:34 am

Seemingly good, so far, since the DNS change I mentioned

DarrenC

Newbie Surfer
Newbie Surfer

Posts : 34
Joined : 2015-03-27
Operating System : Windows 8.1

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by Superdave on Thu 23 Apr 2015, 3:41 am

Please keep me posted.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by DarrenC on Sat 25 Apr 2015, 5:36 am

It seems to be OK again so far

DarrenC

Newbie Surfer
Newbie Surfer

Posts : 34
Joined : 2015-03-27
Operating System : Windows 8.1

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by Superdave on Sat 25 Apr 2015, 5:50 am

Ok. This was a tough one but I learned something. You can do the clean up I suggested earlier and we'll be done. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by DarrenC on Tue 28 Apr 2015, 2:19 am

Sounds good. Thanks again!

DarrenC

Newbie Surfer
Newbie Surfer

Posts : 34
Joined : 2015-03-27
Operating System : Windows 8.1

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by Superdave on Tue 28 Apr 2015, 4:41 am

DarrenC wrote:Sounds good. Thanks again!
You're welcome.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan.DNSChanger and SearchScopes

Post by Sponsored content Today at 12:47 pm


Sponsored content


Back to top Go down

Page 3 of 3 Previous  1, 2, 3

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum